class CommentsController < ApplicationController
  before_filter :load_event
  before_filter :deny_non_attendees, :only => :create
  before_filter :deny_non_owners, :only => :destroy
  
  def index
    @comments = @event.comments.find(:all, :order => 'created_at asc')
    render :layout => false
  end
  
  def create
    comment = Comment.new(:user => current_user, :content => params[:content])
    comment.url = request.host_with_port
    @event.comments << comment
    redirect_to event_url(@event)
  end
  
  def destroy
    @comment.destroy
    redirect_to event_url(@event)
  end
  
  
  private
  def load_event
    @event = Event.find params[:event_id]
  end
  
  def deny_non_attendees
    unless current_user.manager? or current_user.is_assigned_to? @event
      render :text => :access_denied.l, :status => 403
      return false
    end
  end
  
  def deny_non_owners
    @comment = @event.comments.find(params[:id])
    unless current_user == @comment.user
      render :text => :access_denied.l, :status => 403
      return false
    end
  end
  
end
